“Apple will begin signing up independent software vendors (ISVs) for the 10.7 developer programme by early autumn 2010,” Rixstep reports. “Membership will cost $99 just as the iPhone programme and will include a number of benefits including free downloads of the Xcode developer tools and access to online API documentation.”
Rixstep reports, “Developers planning on marketing software for 10.7 will submit their products to the App Store as iPhone and now iPad developers have already done. 10.7 will have kernel support for (‘insistence on’) binaries signed with Apple’s root certificate. No software will be able to run on Mac OS X 10.7 without being approved and signed by Apple, Inc.“
“Slapping a root certificate on a binary running Snow Leopard or earlier doesn’t change anything: the certificate represents an additional executable section that can easily be removed. Individual apps can of course check for the presence of a certificate, but it’s not before the OS kernel itself insists on this certificate that program execution is totally in Apple’s control,” Rixstep reports. “It’s expected there’ll be efforts to ‘jailbreak’ 10.7 just as there have been with the iPhone and iPad systems.”
Full article here.
9 to 5 Mac is reporting that a developer they’ve contacted says that the facts are distorted in the Rixstep article:
Code signing for Mac Applications is already in place, and has been for a couple of versions of Mac OS X. There is a command line tool included in OS X (sorry, don’t recall the name) that can show the user which apps are signed, and by what certificates Contrary to the article, code signing of applications is already used by OS X.
You’ll notice that when you update some third party applications from, for example, v1.0 to v1.1, if that app stores data in you keychain, the first time you run the new version of the app you will get the popup window saying “Application X would like to use data stored in you keychain.” This is because the application is not signed, therefore the System can’t verify it is the same app from the same developer after it has been updated and the executable has changed on your disk.
You may not have noticed that when you update Safari or Mail or some third party apps, you do not get the dialogue, as these apps are signed, and the signing is still valid after the update, so the System can be sure the app has not been tampered with by a 3rd party, and it is OK to continue to allow it access to the keychain.
Full article here.